<%@include file="connection.jsp"%>
<%

            Connection c = getAdminConnection();
            Statement s = c.createStatement();
			Statement s2 = c.createStatement();
            String userid = request.getParameter("userid");
            String password = request.getParameter("password");
            boolean validPass = false;
			boolean admin=false;			
												 
            ResultSet rs = s.executeQuery("select UserID, Password, Name, Admin, Doc_Code, db_id from users where UserID = '" + userid + "' and Active=1");
            if (rs.first()) {
                if (password.equals(rs.getString("Password"))) {
					
					if(rs.getInt("admin")==0){
                    	
						session.setAttribute("userid", userid);
	                    session.setAttribute("name", rs.getString("Name"));
						/* getting db name*/
						ResultSet rsdb = s2.executeQuery("select name from dbinfo where id='"+rs.getString("db_id")+"'");
						if(rsdb.first()){
	                    	session.setAttribute("db",rsdb.getString("name"));
						}
						/* end getting db*/
	                    if(rs.getString("Doc_Code")!=null){
	                    	session.setAttribute("Doc_Code", rs.getString("Doc_Code"));	
	                    }
	                    
	                    
						admin=false;
					}else{
						session.setAttribute("admin", userid);	
						session.setAttribute("userName", rs.getString("Name"));
						admin=true;
					}
					
                    validPass = true;
                }
            }

            rs.close();
            s.close();
			s2.close();
            c.close();


            if (validPass){
			
				if(admin)
             	   response.sendRedirect("admin/home.jsp");
				else
				   response.sendRedirect("home.jsp");			
				
            } else {
                response.sendRedirect("login.jsp?wp=1");
            }
%>
